Tag: vulnerability
-
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
-
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
-
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
A recent disclosure confirms that email accounts belonging to U.S. congressional staff were compromised as part of the Salt Typhoon cyber-espionage campaign, targeting personnel supporting key House committees and exploiting trusted identities rather than software vulnerabilities, according to TechRadar. While no immediate operational disruption was publicly reported, the incident sends a clear message: identity systems…
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/ai-vulnerability-servicenow
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/ai-vulnerability-servicenow
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/ai-vulnerability-servicenow
-
Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum
Tags: ai, attack, automation, business, ceo, ciso, control, country, cryptography, cyber, cybercrime, cybersecurity, data, detection, exploit, finance, framework, fraud, governance, healthcare, incident, infrastructure, international, middle-east, phishing, ransomware, resilience, risk, service, skills, software, strategy, supply-chain, technology, threat, tool, vulnerabilityAI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents;87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities;confidence in national cyber…
-
FortiOS Vulnerability Allows Remote Code Execution Without Login
Fortinet warns a FortiOS flaw could allow unauthenticated remote code execution, making rapid patching critical. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortios-vulnerability-allows-remote-code-execution-without-login/
-
Windows 11 KB5074109 & KB5073455 cumulative updates released
Microsoft has released Windows 11 KB5074109 and KB5073455 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5074109-and-kb5073455-cumulative-updates-released/
-
Microsoft Patch Tuesday for January 2026, Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-january-2026/
-
SAP January 2026 Security Patch Day Fixes Critical Injection and RCE Flaws
SAP released 17 new security notes on January 13, 2026, addressing vulnerabilities affecting widely deployed enterprise systems. The patch day includes four critical-severity flaws spanning SQL injection, remote code execution, and code injection attacks that could allow authenticated and unauthenticated threat actors to compromise SAP environments. Critical Vulnerabilities Demand Immediate Attention The most severe vulnerabilities…
-
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-flags-exploited-gogs-flaw-no/
-
Can You Afford the Total Cost of Free Java?
Before running Java on a free JVM, assess the likelihood of a vulnerability being exploited and the consequences of an exploit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/can-you-afford-the-total-cost-of-free-java/
-
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
BodySnatcher (CVE-2025-12420) exposes a critical agentic AI security vulnerability in ServiceNow. Aaron Costello’s deep dive analyzes interplay between Virtual Agent API and Now Assist enabled in this exploit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/bodysnatcher-cve-2025-12420-a-broken-authentication-and-agentic-hijacking-vulnerability-in-servicenow/
-
CyRC advisory: Vulnerability in Broadcom chipset causes network disruption and client disconnection on wireless routers
CyRC discovered critical Wi-Fi vulnerabilities in ASUS & TP-Link routers allowing network disruption via single malformed frame. CVE-2025-14631 patched. The post CyRC advisory: Vulnerability in Broadcom chipset causes network disruption and client disconnection on wireless routers appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/01/cyrc-advisory-vulnerability-in-broadcom-chipset-causes-network-disruption-and-client-disconnection-on-wireless-routers/
-
Key learnings from the latest CyRC Wi-Fi vulnerabilities
Critical Broadcom chipset flaw lets attackers crash Wi-Fi networks without authentication. Learn if your router is affected and how to patch it. The post Key learnings from the latest CyRC Wi-Fi vulnerabilities appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/01/key-learnings-from-the-latest-cyrc-wi-fi-vulnerabilities/
-
High-severity bug in Broadcom software enables easy WiFi denial-of-service
Tags: access, attack, business, encryption, exploit, firmware, flaw, monitoring, network, remote-code-execution, risk, service, software, vulnerability, wifiChipset-level bugs linger: Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack…
-
For application security: SCA, SAST, DAST and MAST. What next?
Tags: advisory, ai, application-security, automation, best-practice, business, cisa, cisco, cloud, compliance, container, control, cve, data, exploit, flaw, framework, gartner, government, guide, ibm, incident response, infrastructure, injection, kubernetes, least-privilege, ml, mobile, network, nist, resilience, risk, sbom, service, software, sql, supply-chain, threat, tool, training, update, vulnerability, waf<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all&w=1024" alt="Chart: Posture, provenance and proof." class="wp-image-4115680" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all 1430w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=768%2C431&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1024%2C575&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”575″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> Sunil GentyalaOver the past year the community has admitted the obvious: the battleground is the software supply chain and…
-
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0″This issue […] could enable an unauthenticated user to impersonate another…
-
Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform…The…
-
Hackers Remotely Took Control of an Apex Legends Player’s Inputs
A critical security vulnerability has emerged in Respawn Entertainment’s popular battle royale title, allowing threat actors to remotely manipulate player inputs without requiring code execution capabilities. Respawn Entertainment, the developer of Apex Legends, has confirmed an active security incident affecting its player base. Malicious actors have discovered a vulnerability that enables them to remotely control…
-
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.”Gogs…
-
Multiple Hikvision Flaws Allow Device Disruption via Crafted Network Packets
Hikvision has disclosed two high buffer overflow vulnerabilities affecting its security devices that could allow network-based attackers to cause device malfunctions. The security flaws, tracked as CVE-2025-66176 and CVE-2025-66177, impact select access control products and video recording systems. Both vulnerabilities stem from stack overflow issues in the device search and discovery feature. CVE ID Affected…
-
CWE Top 25 (2026) List of Top 25 Most Dangerous Software Weakness that Developers Need to Focus
MITRE has released a list of Top 25 Most Dangerous Software Errors (CWE Top 25) that are widely spread and leads to serious vulnerabilities. The list was generated based on the vulnerabilities published within the National Vulnerability Database. These vulnerabilities are easily exploitable and allow an attacker to get complete control over the system. Attackers…
-
ITStrategie für komplexe Landschaften entwickeln
»Eine IT-Security-Strategie für komplexe Landschaften zu entwickeln, sollte zu Jahresbeginn ganz oben auf der Agenda stehen.« Die meisten Cyberangriffen in der EU finden in Deutschland statt, und die Schwachstellen in den IT-Infrastrukturen nehmen täglich zu. Viele Unternehmen stehen daher vor der Frage, wie sie ihre IT-Sicherheit strategisch neu ausrichten können. Im Interview stellen Stefan Rothmeier……